How do declarative config files scale?

I am following the tutorials and trying to learn a little more about Kong. I set up decK so that I can sync and everything seems nice with updating the db and the kong.yaml.

But I have a big reservation about the declarative configs. If I am adding a plugin like JWT, it has a consumer with a secret key. Or with the oauth plugin, we have a consumer with a client id and secret (etc). These also get dumped into the kong.yaml file. My question is why it is designed this way and how to proceed? I understand that they need to be configured somewhere, but this means that user-specific secrets are being appended to Kong’s config file and I didn’t see a clear pointer on how to manage that well. More importantly though, it seems unmaintainable if e.g. we have many, many consumers (I assume that would be normal to have). I would like some advice on how to approach this as I am still just learning.

I did see this thread which looks like it has the same concern, but it has no answers and so I decided to make a new one.

Should we be using the tag approach with distributed configuration in decK, and not dump client secrets but instead store those in the Kong DB?

Thank you

Kong Secrets feels like it will address your use case.
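
As an added example (not code from this thread or from the Kong project), here is one way to check a decK state file for the problem the question describes before it is committed: consumer credentials whose secret fields hold literal values. It assumes the file has already been parsed into a dict by a YAML or JSON loader; the function name and the sample state are constructed for illustration. It treats decK `${{ env "DECK_*" }}` placeholders and `{vault://...}` references as non-literal, and does not check whether a given credential field accepts a vault reference in your Kong version.

```python
import re

# Credential collections decK nests under each consumer, and their secret fields.
SECRET_FIELDS = {
    "jwt_secrets": ("secret",),
    "oauth2_credentials": ("client_secret",),
    "keyauth_credentials": ("key",),
    "basicauth_credentials": ("password",),
    "hmacauth_credentials": ("secret",),
}

# Values treated as non-literal: a decK env placeholder or a vault reference.
PLACEHOLDER = re.compile(
    r'^\s*(\$\{\{\s*env\s+"DECK_\w+"\s*\}\}|\{vault://[^}]+\})\s*$'
)


def find_literal_secrets(state):
    """Return (consumer, collection, field) for every secret stored as a literal."""
    findings = []
    for consumer in state.get("consumers") or []:
        name = consumer.get("username") or consumer.get("custom_id") or "<unnamed>"
        for collection, fields in SECRET_FIELDS.items():
            for cred in consumer.get(collection) or []:
                for field in fields:
                    value = cred.get(field)
                    if isinstance(value, str) and value and not PLACEHOLDER.match(value):
                        findings.append((name, collection, field))
    return findings


# Constructed sample shaped like a parsed decK state file (hypothetical values).
SAMPLE_STATE = {
    "_format_version": "3.0",
    "consumers": [
        {"username": "alice",
         "jwt_secrets": [{"key": "alice-issuer", "secret": "constructed-literal-value"}]},
        {"username": "bob",
         "oauth2_credentials": [{"client_id": "bob-app",
                                 "client_secret": '${{ env "DECK_BOB_CLIENT_SECRET" }}'}]},
        {"username": "carol",
         "keyauth_credentials": [{"key": "{vault://env/carol-api-key}"}]},
    ],
}

if __name__ == "__main__":
    for consumer, collection, field in find_literal_secrets(SAMPLE_STATE):
        print(f"literal secret: consumer={consumer} {collection}.{field}")
```

Run the check on the file as stored in version control, since decK substitutes the `DECK_*` environment values when it renders the file.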